The risk on this one is you're playing with the password file directly. If you ensure you have a backup of it (RCS anyone?), verify it's contents afterward, and verify your ability to connect to the server afterward, it's not a major issue.

I did something similar to this when making sweeping gecos field format changes... Got to love meaningless corporate standards...

Re: simple script to change the login shell for many users.

>>...which appears to also set root's shell to /usr/bin/false which would be a *bad thing*....

That would be incorrect - or, rather, correct only if root is in the file referenced as "cat ${list-o-users)". The eval'ed perl statement looks for a line that begins with "${user}:"

If your ${list-o-users} contains:

ciprianobasnyatrdaihlmnevinbasisnar

it will look first for a line that starts with "^cipriano:", followed by the next, etc.

Of course, if the user were silly enough to put root in the file, then, yes, it would lock root. That would be why you would want to back up the password file originally, evalute the contents afterward, and verify connectivity afterward...

Re: simple script to change the login shell for many users.

> OldSchool: ...which appears to also set root's shell to /usr/bin/false which would be a *bad thing*....

That would be a very bad thing [ :-) ] if the 'list-o-users' file had 'root' as one of its lines. If it doesn't then Doug's script is one way.

> OldSchool: one has to wonder why you want to have 400 accounts that can't log in tho....

Some of use mused about that in an offline exchange. It could be that Vee needs/wants to keep a historical record of inactivated users to be able to map 'uid's to names (GECOS information?) and/or leave those user's files intact. Of course it would be interesting to know the OP's reason and not our supposition :-)